Amendment dated January 19, 2006 
Reply to Office Action of October 19, 2005 

AMENDMENTS TO THE CLAIMS 

1. (Currently Amended) A system for a secure key distribution protocol in AAA for 
Mobile IP, comprising: 

[[a]] an MN that is configured to: generate a Reg-Req message that includes Diffie-Hellman 
parameters that are used to generate session keys and produce signatures; initiate an 
authentication session by sending the Reg-Req message; receive a Reg-Reply message that includes 
session keys that may be used to directly communicate with the AAAH, AAAF, HA, and FA nodes 
while the MN is in a foreign authority, wherein the session keys are encrypted and wherein the 
session keys include a first at least one key, a second at least one key, and a third at least one key; 

[[a]] an FA that is configured to: receive the Reg-Req message; ensure that the 
authentication session is valid; and when valid, sign and send the Reg-Req message; otherwise, end 
the authentication session; receive, and authenticate, decrypt the Reg-Reply message; decrypt at 
least one key of the session keys; sign, and send the Reg-Reply message to the MN; 

an AAAF that is configured to: receive and authenticate the Reg-Req message; generate 
a first at least one key of the session keys using the Diffie-Helman Diffie-Hellman algorithm and 
the Diffie-Hellman parameters; add an identifier relating to the Reg-Req message; sign and send the 
Reg-Req message; receive, authenticate, sign and send the Reg-Reply message to the FA; 

an AAAH that is configured to: receive and authenticate the Reg-Req message; generate 
a second at least one key of the session keys; sign and send the Reg-Req message; receive and 
authenticate the Reg-Reply message; generate a third at least one key of the session keys; encrypt 
the session keys; sign and send the Reg-Reply message to the AAAF; 

[[a]] an HA that is configured to: receive the Reg-Req message; prepare a Reg-Reply 
message in response to the Reg-Req message; and send the Reg-Reply message to the AAAH. 

2. (Original) The system of Claim 1, wherein the Diffie-Hellman parameters include an 
n, a g, and a p parameter; wherein the parameters are used to generate the session keys and are used 
in signing the Reg-Req message and the Reg-Reply message. 
3. (Currently Amended) The system of Claim 2, wherein the Reg-Req message and the 
Reg-Reply message include[[s]] an identifier relating to where the message originated, wherein the 
identifier is selected from an NAI and a new random nonce. 

4. (Original) The system of Claim 3, wherein the Reg-Req message and the Reg-Reply 
message are signed using a security association between a sender of the Reg-Req message and the 
Reg-Reply message and a receiver of the Reg-Req message and the Reg-Reply message. 

5. (Currently Amended) The system of Claim 4, wherein the AAAF is further 
configured to: choose a secret random number y to calculate a parameter q = g^y mod n according to 
the Diffie-Helman Diffie-Hellman algorithm that is used in generating the session keys. 

6. (Original) The system of Claim 4, wherein authenticating the Reg-Req message and 
the Reg-Reply message further comprises ensuring that the Reg-Req message and the Reg-Reply 
message came from the sender by checking the signature relating to a security association between 
the sender and the receiver. 

7. (Original) The system of Claim 6, wherein the AAAF is further configured to 
determine the AAAH for the MN in response to the identifier associated with the MN. 

8. (Currently Amended) The system of Claim 7, wherein the AAAF is further 
configured to store a time associated with the initiation of the authentication session in order to 
prevent a Reply message fail failure. 

9. (Original) The system of Claim 8, wherein the AAAH is further configured to 
protect the authentication process from a replay attack, and when the AAAH does not recognize the 
MN, generate an error. 
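As an added illustration that is not part of the amendment's text: a Python sketch of the Diffie-Hellman exchange of claims 1, 2 and 5 (the MN publishes p = g^x mod n in the Reg-Req, the AAAF chooses y and computes q = g^y mod n, both derive the first session key) together with the AAAH replay check of claims 8 and 9. The toy modulus, the HMAC-based key derivation, the timestamp window and the message field names are assumptions, not taken from the claims.

```python
import hashlib
import hmac
import time

# Constructed toy group for illustration (not a standardized DH group).
# Document notation: n = modulus, g = generator, p = MN's g^x mod n,
# q = AAAF's g^y mod n; the shared secret is p^y = q^x mod n.
N = 2147483647  # 2^31 - 1, a Mersenne prime
G = 5

def derive_key(shared, nai, label):
    """Assumed KDF (not from the claims): HMAC-SHA256 bound to NAI and role label."""
    return hmac.new(shared.to_bytes(32, "big"), nai.encode() + label,
                    hashlib.sha256).digest()

def mn_reg_req(nai, challenge, x):
    """MN: Reg-Req carrying NAI, timestamp, FA challenge and p = g^x mod n (claim 19)."""
    return {"nai": nai, "ts": int(time.time()), "challenge": challenge,
            "n": N, "g": G, "p": pow(G, x, N)}

def aaaf_first_key(req, y):
    """AAAF: choose y, compute q = g^y mod n and the first session key (claim 5)."""
    q = pow(req["g"], y, req["n"])
    return q, derive_key(pow(req["p"], y, req["n"]), req["nai"], b"MN-AAAF")

def mn_first_key(q, x, nai):
    """MN: the same key from q^x mod n, without ever learning y."""
    return derive_key(pow(q, x, N), nai, b"MN-AAAF")

class AAAH:
    """Replay protection of claims 8-9: reject unknown MNs, stale or repeated Reg-Reqs."""
    def __init__(self, known_mns, window=60):
        self.known, self.window, self.seen = set(known_mns), window, set()

    def accept(self, req, now=None):
        now = int(time.time()) if now is None else now
        if req["nai"] not in self.known:
            return "error: unknown MN"
        if abs(now - req["ts"]) > self.window:
            return "error: stale timestamp"
        tag = (req["nai"], req["ts"], req["challenge"])
        if tag in self.seen:
            return "error: replay"
        self.seen.add(tag)
        return "ok"
```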
10. (Original) The system of Claim 9, wherein the AAAH is further configured to help 
the FA directly communicate to the HA through a security association by generating the session 
keys for the FA, HA, and MN, and distributing the session keys in a secure fashion. 

11. (Original) The system of Claim 10, wherein distributing the session keys in a secure 
fashion, further comprises encrypting the session keys. 

12. (Original) The system of Claim 11, wherein the HA is further configured to register 
a current location of the MN and store the session keys. 

13. (Currently Amended) A method for a secure key distribution protocol in AAA for 
Mobile IP, comprising: 

establishing secure associations between a MN, an AAAH, an AAAF, a HA, and a FA to 
help ensure secure communication; 
securing a Reg-Req message and a Reg-Reply message used in establishing the secure 
associations; 

creating a plurality of session keys by the AAAH and the AAAF; and 
distributing the session keys in a secure manner. 

14. (Currently Amended) The method of Claim 13, further comprising using a home 
authority and a foreign authority to maintain and help establish the secure associations[[;]]. 


15. (Original) The method of Claim 14, wherein establishing the secure associations 
between the MN, the AAAH, the AAAF, the HA, and the FA, further comprises: 
establishing a secure association between the MN and the AAAH; 
establishing a secure association between the AAAH and the HA; 
establishing a secure association between the AAAF and the AAAH; 
establishing a secure association between the AAAF and the FA; and 
establishing a secure association between the AAAF and the MN. 

16. (Original) The method of Claim 15, further comprising determining when a 
signature is an authentic signature based on the secure associations and the session keys. 

17. (Original) The method of Claim 16, wherein establishing the secure associations 
between the MN, the AAAH, the AAAF, the HA, and the FA to help ensure secure communication, 
further comprises: 

signing the Reg-Req message and the Reg-Reply message using the session keys; and 
authenticating the received Reg-Req message and the Reg-Reply message. 

18. (Original) The method of Claim 17, wherein creating the session keys further 
comprises utilizing Diffie-Hellman parameters and the Diffie-Hellman algorithm. 

19. (Original) The method of Claim 18, wherein the Reg-Req message includes an NAI 
associated with the MN, a time stamp, a challenge issued by the FA, and the Diffie-Hellman 
parameters. 

20. (Original) The method of Claim 19, wherein the Reg-Reply message includes an 
identifier and the session keys. 